cvedb.io
CVE-2026-56336
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-07-12T12:16:45.837 · Last modified 2026-07-12T12:16:45.837

Summary

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers, enabling reconnaissance against Capgo tenants.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.